Reference Links:

IMPACT ASSESSMENT:

Discussion:

1) An unspecified error exists related to directory traversal. No further information is currently available.

An unspecified error exists related to HTTP methods. No further information is currently available.

Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Certain unspecified input is not properly sanitised in deferredView.jsp before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Certain unspecified input is not properly sanitised in searchView.jsp before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in version 7.0 running on AIX (64-bit), Linux, and Windows.